Samba 3.0.0-r1 has a problem binding to a "ldap admin dn" if one of the attributes contains spaces. I was able to setup openldap and connect to it, but Samba cannot bind to it. I suspect it's a matter of inconsistent string handling. If I use ldap admin dn = "cn=Manager,o='University of Pretoria',c=ZA" to store the secret, things break completely. The only way I could get it semi-working, is to remove the quotes while storing the secret and use quotes while binding, with restarts after changes to the config. The second problem is that credentials in secrets.tdb cannot be updated without deleting the file. Reproducible: Always Steps to Reproduce: 1. Setup Openldap with base dn that contains spaces 2. Setup Samba 3. Store credentials in secrets.tdb 4. Let Samba connect to Openldap Actual Results: Samba connects to Openldap service, but cannot provide the correct credentials. Expected Results: Bind with correct credentials Portage 2.0.49-r15 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r3, 2.4.20-gentoo-r7) ================================================================= System uname: 2.4.20-gentoo-r7 i686 Pentium III (Coppermine) Gentoo Base System version 1.4.3.10p1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O3 -mcpu=pentium3 -funroll-loops -pipe" CHOST="i686-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/config /usr/kde/3/share/config" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" CXXFLAGS="-O3 -mcpu=pentium3 -funroll-loops -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="sandbox ccache autoaddcvs" GENTOO_MIRRORS="ftp://ftp.up.ac.za/mirrors/gentoo.org/gentoo ftp.is.co.za/linux/distributions/gentoo" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://ftp.up.ac.za/gentoo-portage" USE="x86 apm crypt cups foomaticdb gif jpeg libwww mad ncurses nls png slang spell xml2 zlib gdbm berkdb readline java mysql gpm tcpd pam ssl perl python ldap acl clamav cscope fbcon imap innodb jikes junit lmtp mbox mcal nptl oav ppds samba sasl slp sse -oss -arts -avi -encode -gtk -imlib -kde -gnome -libg++ -mikmod -motif -mpeg -oggvorbis -opengl -pdflib -qt -quicktime -sdl -svga -truetype -X -xmms -xv" -------------- ades root # ACCEPT_KEYWORDS="~x86" etcat -u samba-3.0.0-r1 [ Colour Code : set unset ] [ Legend : (U) Col 1 - Current USE flags ] [ : (I) Col 2 - Installed With USE flags ] U I [ Found these USE variables in : net-fs/samba-3.0.0-r1 ] - - kerberos : Adds kerberos support + + mysql : Adds mySQL support - - xml : Check/Support flag for XML library (version 1) + + acl : Adds support for Access Control Lists + + cups : Add support for CUPS (Common Unix Printing System) + + ldap : Adds LDAP support (Lightweight Directory Access Protocol) + + pam : Adds support PAM (Pluggable Authentication Modules) + + readline : enables support for libreadline, a GNU line-editing library that most everyone wants. + + python : Adds support/bindings for the Python language + + oav : Adds support for anti-virus from the openantivirus.org project --------- hades root # etcat -u openldap [ Colour Code : set unset ] [ Legend : (U) Col 1 - Current USE flags ] [ : (I) Col 2 - Installed With USE flags ] U I [ Found these USE variables in : net-nds/openldap-2.0.27-r4 ] + + ssl : Adds support for Secure Socket Layer connections + + tcpd : Adds support for TCP wrappers + + readline : enables support for libreadline, a GNU line-editing library that most everyone wants. - - ipv6 : Adds support for IP version 6 + + berkdb : Adds support for sys-libs/db (Berkeley DB for MySQL) + + gdbm : Adds support for sys-libs/gdbm (GNU database libraries) - - kerberos : Adds kerberos support - - odbc : Adds ODBC Support (Open DataBase Connectivity)
No reply and nothing in Samba's bugzilla. I'm reporting it upstream myself now.
This bug is invalid. I finally figured out that it was a very obscure (to the user) user error, involving messed up DNS and other misconfigurations. Sorry for wasting your time.
What did you have misconfigured? By the way, if it was apparently that deep of a bug anyways, you really should have just gone to samba.org in the first place. I dont maintain the codebase...